Mitsubishi gets hacked – and the world is less safe

The recent security breach at Mitsubishi Heavy Industries comes at a time when cyber-crime and coordinated espionage threaten to change the balance of power in both the Pacific and the world as a whole

What's also been little reported, however, is that one such manufacturer (a household name) has been attacked by hackers, with potentially vital information leaked as a result:

Some of Japan’s most sensitive defence secrets have been targeted by hackers, who have gained access to up to 80 computers of its biggest defence contractor - in what appeared to be a coordinated attack.

Contractor Mitsubishi Heavy Industries Ltd said today its submarine, missile and nuclear plant component factories had been targeted, according to a report.

Some information could have been stolen in the first known cyber attack on Japan’s defence industry, the company confessed today...

How nice of the authorities concerned not to tell us until now. (The breach took place on August 11.) More worryingly, Mitsubishi Heavy Industries works on a lot of, shall we say, sensitive areas:

...Around 80 virus-infected computers were found at the company’s headquarters, the [Daily] Yomiuri newspaper reported, as well as manufacturing, research and development sites.

One of these, the Kobe Shipyard, currently builds submarines and makes components to build nuclear power stations. The Nagoya plant, meanwhile, makes guided missiles and rocket engines, according to the publication...

...Mitsubishi Heavy is the country's biggest defense contractor, winning 215 deals worth 260 billion yen ($3.4 billion) from Japan's Ministry of Defense in the year to last March, or nearly a quarter of the ministry's spending that year...

In other words, someone may now have insider information on the means and wherewithal of Japan's aerial defence system, not to mention key parts of its infrastructure. Potentially, such leaks of intellectual property could ruin entire businesses and national industries. Apart from demonstrating the need for the Japanese government not to give so many contracts to one company (MHI got $3.4 billion in contracts during the last 12 months), it also suggests the opening shots of a new kind of war.

Rather than shots being fired or missiles exchanged, this kind of war seeks to undermine the other side's conventional capabilities, either via sabotage or industrial espionage. Naturally, it's already happened in America, and the data that's been potentially stolen in Japan is also worrying from a US perspective, given the 'advantages' it might grant a hostile power in the Pacific:

‘...It's probably just the first that hacking attacks in Japan have been detected. It's consistent with what we've seen already with big American defence companies,’ Andrew Davies, a cyber-warfare analyst with the government backed defence think-tank, the Australian Strategic Policy Institute, told Reuters.

‘The Japanese make large conventional submarines that are among the world's most sophisticated ... (they) have very nicely integrated solutions with their own mechanical, electronic and control systems, so it a pretty attractive hacking proposition, to get the design of a Japanese submarine,’ he added...

Incidentally, it now seems the language used in the hacking attack was Chinese, which, given the industrial levels of cyber-crime that takes place in China and a recent epidemic of cyber-attacks in the same month MHI was hacked, suggests a diplomatically unfortunate pattern.

Of course, a certain perspective is needed. Espionage and sabotage has been a constant since the bronze age, while fears over hacking are as much a reflection of popular fears as it is over real incidents such as this. Ongoing skullduggery of the kind that befell Mitsubishi Heavy Industries was par of the course in the Cold War. We have been here before, but perhaps the risks are much higher now anyone with access to the Web can be a terrorist or a spy.

So, naturally, we can only assume that nothing like this would ever befall the UK, given our experience dealing with Soviet spy networks. After all, even though we rely on one company, BAE Systems, for the bulk of our defence procurement and civil servants have been known to lose laptops and data discs, that's no reason to assume that we've been hacked too, or that the government hasn't used the Official Secrets Act to cover it up - has it?